Bootcamp Parallels Project Overview

Document Sample
Bootcamp Parallels Project Overview Powered By Docstoc
					                     California State University, Chico

                      Technology Project Overview
                      Systems Center Implementation

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc   -1-         rev 2/4/08

Document Title:                 MS System Center Project Overview.doc
Author:                         Andrea Mox
File Reference:

Date         By                Action                                      Pages
7/1/07       Amox              Draft overview                              All
9/21/07      Amox              Added Stakeholders                          1
11/01/07     Amox              Removed JIRA as PM app—added wiki
11/09/07      Amox             Major updates to clarify project benefits   majority
12/12/07     Amox              Update to add ―sole source‖ language and    3&4
                               Gartner Magic Quadrant
12/12/07     Amox              Added Licensing and budget items            9
1/28/08      J Ringel          Review document, update funding source

Review/Approval History

 Date         By                  Action                                   Pages
 1/28/08      Directors            Approve project
 1/28/08      B Post               Approve funding

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc          -2-                              rev 2/4/08
Project: Microsoft Systems Center Implementation—Phase I

Project Sponsor:             Andrea Mox and Brigette Bucke

Project Lead:                Mike Murray, Steve Krok, Bill Pierini
                             Mike Murray, Steve Krok, Bill Pierini, Keith Adams, Jeff Jaxon, Mark
Key Team Members:
                             Lewkowicz, Ryan Esposto, HDTS Students, Network Operations (minimal)
Est. Project Timeline:       July 2007 through May 2008, Phase 1

Problem Statement

User Services is currently using LANDesk version 7, an outdated and unsupported application to obtain
asset information and provide remote control support on the Chico domain for Windows based desktops.
When originally implemented, the intent was to also utilize LANDesk for software deployment and
upgrades. The campus is limited to 1700 licenses (based upon numbers of centrally managed machines
4 years ago), and cannot add licensing without a costly renewal and upgrade. Additionally, the current
system can only operate on Windows 2000 server, which is a security risk.

LANDesk’s intended functionality proved ineffective at best in our pre-ITRP environment, and licensing
and maintenance costs in general have become prohibitive (60K per year). We are in a risky position
should the LANDesk server experience technical problems—loss of key data and support functionality
would result. A fully functional and reasonably priced desktop management replacement is required.

For server management, Enterprise Systems does not have a single tool to centrally manage their
servers comprehensively, and LANDesk cannot provide this functionality for the server environment
effectively. System administrators spend time performing redundant tasks on more than 50 enterprise
level servers in an effort to monitor and secure the environment. Performing these tasks manually
creates inconsistencies in server patching levels, and requires significant time, resulting in ineffective
resource allocation and potential security issues at the enterprise level.

Solution Options

    1. Purchase a central desktop and server management solution that can integrate with Active Directory
    2. Purchase separate application for Central Desktop and Server Management, and let each group
       implement separate systems
    3. Continue using current LANDesk application for desktops, and not procure anything for the servers

Proposed Solution

User Services and Enterprise Systems have researched Microsoft’s System Center suite, and believe this
suite to meet the requirements to replace LANDesk and implement server management within a single
console environment. Microsoft has combined their industry standard enterprise and desktop
management applications into one suite of powerful tools, called System Center. System Center is
comprised of Operations Manager (formerly known as MOM), Configuration Manager (formerly known as
SMS), and other technologies that could be implemented in the future.

Systems Center delivers the unique performance feature of providing one comprehensive console that
will allow administration of a suite of management tools, from desktop management to server and backup

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc             -3-                                        rev 2/4/08
management. The console can be shared
by administrators across departments. A
shared management console saves on
physical resources, and allows for more
secure access to the server.

The CSU has volume license pricing for the
Microsoft suite, which keeps software costs
to a minimum. For example, LANDesk with
Patch Management (for desktop
management only) has an educational
pricing of approx $20 per seat, a cost of
$60,000 per year for desktop management.
The costs are similar for other products
such as Altiris and HP OpenView.

The license costs for Microsoft’s
Configuration Manager (desktops) and
Operations (Server) Manager combined will
likely be less than $1 per seat per year—
less than $3000.

The Microsoft developed Systems Center
suite features industry standard tools that
are expected to work more effectively in our
Microsoft Active Directory environment.
The ability to manage in-depth a variety of technical systems, from the enterprise to the desktop level is a
unique feature of Systems Center. Gartner positions Microsoft’s technologies at the top of the leaders in
their 2006 PC Life Cycle Magic Quadrant for 2006.

        System Center Modules Overview:

        System Center Operations Manager
        Microsoft System Center Operations Manager 2007 (formerly known as Microsoft Operations
        Manager), affords you a comprehensive, overall view of the health of your IT environment. Track
        thousands of event and performance monitors across hundreds of operating systems and
        applications. In addition, get best-of-breed, end-to-end service management for the Windows
        platform and access to more than 50 management packs for various Microsoft software
        applications. Finally, automate routine, redundant tasks to increase efficiency and enable greater
        control of your IT environment.
        System Center Configuration Manager
        Microsoft System Center Configuration Manager 2007 (formerly known as Microsoft System
        Management Server) drives IT productivity and efficiency by reducing manual tasks and enabling
        you to focus on high-value projects, maximize hardware and software investments, and empower
        end-user productivity with the right software at the right time. Configuration Manager contributes
        to a more effective IT department by enabling secure and scalable operating system and
        application deployment and desired configuration management, enhancing system security, and
        providing comprehensive asset management of servers, desktops, and mobile devices.

        System Center Data Protection Manager
        Microsoft System Center Data Protection Manager 2006 optimizes and speeds disk-based
        backup and recovery, delivers consistent data protection, and increases your IT organization’s
        operational efficiencies. For example, recover information quickly by copying content from a
        production server and speed data recovery with always-accessible disks. Data Protection

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc            -4-                                       rev 2/4/08
        Manager also supports near-continuous data protection with centralized backup of branch offices
        and backup enhancements within the data center. Finally, help lower the total cost of your data-
        protection environment by consolidating backup efforts at the data center, empowering end users
        to perform their own recoveries, and implementing out-of-the-box reporting and monitoring

        System Center Capacity Planner
        Microsoft System Center Capacity Planner 2006 is a pre-deployment, capacity-planning solution
        that provides best-practice guidance, hardware-specific knowledge, and "what if" scenario
        planning. For example, with Capacity Planner you can make solid architecture decisions as you
        plan to deploy Exchange Server 2007 or Operations Manager, plan ahead for IT purchases, and
        receive automated reports to proactively manage current and future performance issues

Project Benefits

System Center provides a comprehensive solution for both the desktop and enterprise level assets,
allowing for improved system monitoring, project deployment, software and hardware inventory, remote
support, remote upgrades/installs, application patching, and imaging. The ability to manage desktops
remotely has effectively allowed for enhanced security, uniformity, more efficient use of technician time,
and reduced calls to the Help Desk.

Campus desktop security is always of critical concern. As a higher education institution, the majority of
our faculty and staff desktops do not operate in a diminished privileges mode (e.g. windows users are
administrators on their computer). To provide maximum security to our environment, it is essential that
User Services implement centralized tools and strategies to manage campus desktops and better protect
campus users and data. We use Microsoft’s WSUS server to push operating system and Microsoft
application patches and service packs, and planned originally to use LANDesk to do the same for non
Microsoft applications. A primary failure of LANDesk has been the inability to deploy application and
security updates to non Microsoft products.

With Configuration Manager, we will be able force and track all windows application updates to provide
better security for the campus. SCCM provides the ability to push all security updates centrally (Microsoft,
Adobe, QuickTime, Macromedia, etc.). Unpatched non-Microsoft applications have been a security
concern for some time, and currently, User Services’ only option is to send security notifications to
campus users via e-mail, which does not ensure that security updates are being installed.

For enterprise servers, System Center Operations Manager provides a centralized and comprehensive
view of the health of our servers. Event tracking, performance monitoring, and the ability to automate
routine, redundant tasks will increase efficiency and enable greater control of our central systems. The
campus as a whole benefits from pro-active management of servers, allowing for better uniformity, early
detection of systemic failures, and improved use of system administrators time by allowing routine checks
to be automated.

For Information Resources, implementation of Systems Center has several immediate benefits:
    o More secure desktop and server environments
    o enhanced project support and delivery
    o more comprehensive and expedient customer support and service
    o better understanding of current desktop and server environment
    o improved strategic planning and decision-making
    o improved metrics and reporting for daily operations up through Chancellors level reporting
    o remote software distribution that is secure and does not require a technician call
    o etc.

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc            -5-                                       rev 2/4/08
Evident Needs

       LANDesk replacement required
       Ability to inventory hardware and software to release level
       Remote control ability
       Desktop Imaging, application and software update distribution capability
       Enhanced desktop security through comprehensive centralized application and OS management
       Enhanced server monitoring and maintenance
       Enhanced inventory reporting
       Enhanced support of technical projects
       Better use of IRES technical staff talents

Risks if we do not implement System Center

The primary risk for not deploying System Center SCCM on the desktops is continued inability to provide
application level patching, leading to potential desktop compromise. Additionally, the current mix of tools
used to manage our campus desktop environment is either deficient or costly standalone solutions.

Not deploying System Center Enterprise modules will result in continued inefficiencies for valuable
systems staff. Updating and Monitoring will remain a more manual task rather than automated.
Additionally, preparation for major enterprise software releases will be enhanced by making use of the
capacity planning capabilities of the System Center.

System Center provides a comprehensive solution for both the desktop and enterprise level assets,
allowing for enhanced system monitoring, project deployment, software and hardware inventory, remote
support, remote upgrades/installs, application patching, and imaging.

Risks if we implement System Center

There are several potential risks to deploying System Center that will need to be reviewed and mitigated:

        Elevated privileges are required to manage SCCM for a domain. Discussion will be required for
        appropriate determination of elevated privileges, and whether this risk is acceptable. If not, the
        project will require dedicated ESYS resources at a management level.

        Active Directory
        SCCM requires new template and group policies be added and modified more frequently for full
        functionality. Traditionally, Active Directory Templates and Group Policies have not been modified
        unless absolutely deemed necessary or for project based requirements (IPSEC, Outlook
        Encryption). Typically these tasks are performed by Domain Administrators. Discussions will be
        required to determine how changes to group policy will be managed in the future.

        There is potential risk for excess network traffic generated by the communication between the
        client & server. This could cause some network degradation on campus. We will be monitoring
        this very closely and will implement secondary site servers to minimize this impact.

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc           -6-                                        rev 2/4/08
General Deliverables:

       Stage 1 - Preparation Tasks                                Aug 07-Oct-07
            Review of System Center Applications with ESYS
            Research and determine permissions structure
           Consultant/Training recommendations
       Stage 2 – Test Domain Testing                              Oct 07-Dec 07
            Install System Center Apps                            Done 10/11/07
            Determine elevated privileges
            Determine changes to AD
            Conduct testing
           Completed Test documentation
       Stage 3 - Design                                           Jan 08-Feb 08
            Information Gathering
           Technical Design
       Stage 4 - Planning Phase                                   Feb 08-Mar 08
            Define scope and terms of reference
           Produce implementation Plan
       Stage 5 - Pre-deployment (pilot)                           Mar-April 08
            Extend AD Schema (elevated privileges needed)
            Create AD Sites
            Determine Pilot Group
            Implement SC/SCCM security accounts
            Implement SC/SCCM user groups for client population
            Install Central/Primary Site Server
            Configure Central/Primary Site Server
            Install Secondary Site Server(s)
            Configure Secondary Site Server
            Verify Server Operations
            Implement client deployment method(s)
            User and project board acceptance tests
            Analyze and Re-configure Site Hierarchy
            Revise design document to reflect As-Built
            Update and revise operational procedures
           Deployed Pilot
       Production Rollout                                         May 08-Aug 08
            Install Secondary Site Servers
            Verify Server Operations
            Initiate Phased Client Deployment

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc           -7-                   rev 2/4/08
Fallback Plan

    If SCCM is determined to be causing issues with campus computers, the following steps will be

           Widespread issue, affecting multiple machines – Roll inventory and all other settings to
            minimal, troubleshoot. Assuming satisfactory resolution, apply new settings and monitor.
           Individual machines – Troubleshoot individually. With satisfactory resolution, apply new

Project Tracking

Project information will be entered into Confluence. Andrea will monitor overall progress, with Mike
Murray overseeing specific task management for SCCM, and ESYS managing Enterprise Level Tasks.
Regular meetings will require review of tasks and overall progress. Assignees are required to update
information and tasks with all necessary documented steps.

Any additional desktop related issues that come forward from the team are to be brought to Mike for
evaluation. Issues Mike deems should be added to the project will be discussed with Andrea and the
ESYS team for entry and appropriate assignment. Project scope and timelines will be adjusted

Any additional Server or Enterprise related issues that come forward from the team are to be brought to
Brigette for evaluation. Issues Brigette deems should be added to the project will be discussed with
Andrea and the USRV team for entry and appropriate assignment. Project scope and timelines will be
adjusted accordingly.

Communication Plan

The System Center team meets weekly and has core members from USRV and ESYS. This group will
work closely with technical staff in IRES as appropriate. Once in pilot testing, the SC team will work
closely with test groups and keep them informed of progress and next steps. Once we’re ready to
implement campus-wide, campus-wide announcements regarding the implementation of SCCM may be
necessary given the widespread impact this project will have.

Phase I End
Phase 1 of this project will end with rolling SCCM out to all managed groups within Active Directory, which
covers the vast majority of campus computers. Servers will be managed through the System Center
Operations Manager application as well.

Proposed Start Date: 07/07                               Proposed End Date: August 31, 2008

Source of Funding:
Initial procurement: Enterprise Budget
Ongoing maintenance: Enterprise Budget

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc           -8-                                       rev 2/4/08
Resource Requirements:

                          USRV                20 hrs wk                   1000 hrs
                          ESYS                10 hrs wk                   500 hrs
                          Networking          Minimal--tbd
                          Applications        Minimal--tbd
                          User Training &     tbd
                          Migration           Minimal--tbd
                          Project Staff       Minimal--tbd

                          Hardware            1 server for Con Mgr & Op Mgr$8000           $8,000
                                              1 server for WSUS 3*        $8000            $8,000
                          Networking/OPS      2 ports (estimated)         $1000            $1,000

                          Backup              TBD (in process of being                        TBD
                          Maintenance                                                          incl
                          Technical           tbd                                         $15,000
                          Training            tbd                         ESYS &          $10,000
                                                                          Mike M
                          Licensing                                       (confirmed)      $1,000
                          Maintenance                                     (confirmed)      $1,000
       Estimated Totals                                                                   $44,000

      WSUS 3 Replacement server could be considered outside scope, but it will integrate directly
       into this project, and the server needs replacement.
      Initial architecture review shows that one server will support both the Operations and Config
       Mgr applications, so there might be no additional server costs.

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc         -9-                                 rev 2/4/08
Milestones                                         Planned End Date   Date Complete   Participant(s)

Kickoff Mtg                                        7/18/07            7/18/07

Team workflow Meetings                             12/6/07            ongoing
Installation on Test AD                            10//6/07           10/9/07
Testing within test domain                         12/1/07
Site Design                                        2/29/08
Development of deployment plan                     3/28/08
Installation on Chico Domain                       3/3/08
Pilot testing                                      5/2/08
Communication to campus                            4/25/08
Phase 1 Roll-out completion                        8/31/08

Measures of Success
 X      Successful implementation on Test AD
        Completion of Testing within test domain
        Development of Chico Domain Site Design
        Development of Chico Domain deployment plan
        Successful Installation on Chico Domain
        Completion of Pilot testing
        Completion of Communication plan

Unit Requirements
ISEC -- Minimal--tbd
NOPS -- Minimal--tbd

MS f832192c-393e-4d0b-b253-5cc3cc1c535c.doc          - 10 -                             rev 2/4/08